← back to shimmer

privacy.

what we collect, what we do with it, what we don't do.

LAST UPDATED · APRIL 2026

shimmer helps you see who else is at the bar, café, or restaurant you just walked into. That only works if we know where you are and who you are, so this document lays out exactly what we collect, what we do with it, and what we never do. Plain English wherever we can manage it.

01 · Who we are

shimmer ("we," "us") is operated by shimmer, Inc. You can reach a human at hello@shimmer.bar. For privacy-specific requests, use privacy@shimmer.bar.

02 · What we collect

Stuff you give us directly.

• Name, age, gender, and who you're looking for. Required to create a profile.
• A profile photo, if you upload one. Optional.
• A "vibe" — the one-line note about what kind of night you're having. Optional, editable, public at your venue.
• Messages you send inside shimmer after you match with someone.
• Reports you submit about other users, including reason and who you reported.

Stuff your device provides.

• Your precise location — only while shimmer is open and only to identify the venue you're at. We don't store a running history of where you've been. The coordinates are used to query nearby places, then discarded; what we store is the venue ID you check into.
• An anonymous identifier when you continue as a guest, or your Apple ID email (or Apple's relay address, if you choose "Hide My Email") when you sign in with Apple. We use this to know it's you across sessions and nothing else.
• Basic technical data — device type, approximate IP-based region for fraud detection, session timestamps.

03 · How we use it

Strictly to run the product:

• Show you other people who are at the same venue you just checked into, and show them you.
• Route signals between you and people you tap.
• Deliver messages after a match.
• Enforce the rules — removing blocked users, processing reports, banning bad actors.
• Keep the service alive (debugging, abuse prevention, analytics in aggregate).

We do not sell your data. We do not use it to serve ads. We do not share it with data brokers.

04 · Who we share it with

Only the infrastructure providers we need to operate:

• Apple — if you sign in with Apple, Apple knows you use shimmer. Standard.
• Google (Firebase + Places API) — stores your profile, presence, and messages; provides the venue database. Firebase is covered by Google's standard data processing terms.
• Cloudflare — serves the site and handles DNS. Sees IP addresses and standard request metadata.

We hand data to law enforcement only in response to a valid legal request (subpoena, warrant) or when we believe it's necessary to prevent serious harm. We'll fight overly broad requests.

05 · How long we keep it

• Your profile, vibe, messages: until you delete your account. When you do, everything's gone within 24 hours.
• Presence at venues: automatically removed when you leave or after 10 minutes of inactivity.
• Reports you submit or receive: kept for abuse-review purposes up to 90 days past resolution, then deleted.
• Signals sent but unmatched: expire with presence.

06 · Your rights

You can at any time:

• Access your data — email us, we'll send you a copy.
• Correct your data — edit your profile in the app.
• Delete everything — Settings → Delete account. Instant and irreversible.
• Hide yourself — Settings → toggle off "Visible to others." You'll stay signed in but won't appear at venues.

If you're in California, the EU, or the UK, you have additional rights (portability, restriction, objection, withdrawal of consent, lodging a complaint with a data protection authority). Email privacy@shimmer.bar to exercise any of them.

07 · Security

All data is transmitted over HTTPS. Authentication and storage sit on Google Firebase infrastructure with industry-standard access controls. Nothing is unhackable, but we treat your data like we'd want ours treated. If there's a breach that affects you, we'll tell you within 72 hours of discovery.

08 · Kids

shimmer is for adults. You must be 18 or older to use it. We don't knowingly collect data from anyone under 18. If we learn we have, we delete it immediately. If you believe a minor is using shimmer, email abuse@shimmer.bar.

09 · Cookies and storage

We use browser local storage to keep you signed in between sessions. We don't use third-party advertising cookies. We don't track you across other sites.

10 · Where your data lives

shimmer is a U.S.-based service. Your data is processed and stored in the United States on Google Cloud infrastructure. If you're outside the U.S., using shimmer means your data moves across borders to get to us. For EU/UK users, that transfer happens under Standard Contractual Clauses.

11 · Changes to this policy

If we change how we handle your data in a way that affects you, we'll tell you in the app before the change takes effect. For minor edits (typos, clarifications), we'll update the date at the top and keep going.

12 · California

If you live in California, you have the right under the CCPA to know what personal information we collect and how we use it (covered above), to request deletion (Settings → Delete account, or email us), and to not be discriminated against for exercising those rights. We don't sell or share personal information as those terms are defined under the CCPA.

13 · Contact

Questions, requests, complaints, or concerns: privacy@shimmer.bar.